<!-- Author: Moe Kyaw Thu Aung --> 
<!-- Last Modified: 11 Sep 2012 -->
<!-- Handles all db functions of Admin -->
<?php
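// NOTE(review): the HTML comment lines above the opening PHP tag are sent to
// the client as response body before this point. Unless output buffering is
// enabled, session_start() and the header() redirects in this file can no
// longer set headers; those comments belong inside the PHP block.
session_start();

// require instead of include: without the config file the $DB_* globals used
// by the handlers would be undefined, so stop rather than continue.
require("../confs/config.php");

// 'do' is client-controlled and may be absent or an array; accept strings only.
$action = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : '';

// The data-changing actions are only for a session in which login() has set
// the auth flag. Without this gate any visitor who knows the URL could run them.
$protected = array('add', 'delete', 'fddelete', 'update');
if (in_array($action, $protected, true) && empty($_SESSION['auth'])) {
	$_SESSION['msg'] = "Please log in first!";
	header("location: index.php");
	exit;
}

// NOTE(review): none of the state-changing actions carries an anti-CSRF token,
// and delete/fddelete take their target id from the query string. Moving them
// to POST with a per-session token needs matching changes in the forms and
// links that call this script, which are not part of this file.
switch ($action) {
	case "login":
		login();
		break;
	case "logout":
		logout();
		break;
	case "add":
		add();
		break;
	case "delete":
		delete();
		break;
	case "fddelete":
		fddelete();
		break;
	case "update":
		update();
		break;
	default:
		// Unknown or missing action: nothing to do.
}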

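/**
 * Checks the posted admin credentials and records the outcome in the session.
 *
 * On success sets $_SESSION['auth'] to 1 and redirects to list.php; otherwise
 * sets it to 0, stores an error message in $_SESSION['msg'] and redirects to
 * index.php.
 */
function login() {
	// Form fields are client-controlled; anything that is not a plain string
	// (missing field, array) is treated as an empty value.
	$name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	// NOTE(review): the admin account is hard-coded in source with a trivially
	// guessable password, and failed attempts are not throttled. The credential
	// should live outside the code as a password_hash() value checked with
	// password_verify().
	//
	// Strict comparison is required: with ==, PHP compares two numeric strings
	// as numbers, so inputs other than the exact password string were accepted.
	if ($name === "admin" && $password === "123456") {
		// Issue a fresh session id when the privilege level changes, so an id
		// known before login (session fixation) does not become authenticated.
		if (session_id() !== '') {
			session_regenerate_id(true);
		}

		$_SESSION['auth'] = 1;

		header("location: list.php");
	} else {
		$_SESSION['auth'] = 0;
		$_SESSION['msg'] = "User name or password didn't match!";

		header("location: index.php");
	}
}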
/**
 * Ends the admin login by removing the 'auth' flag from the session, then
 * redirects to index.php. Other session entries are left in place.
 */
function logout()
{
	if (isset($_SESSION['auth'])) {
		unset($_SESSION['auth']);
	}

	$target = 'index.php';
	header("location: " . $target);
}

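/**
 * Inserts a new row into `items` from the posted form and stores the optional
 * cover upload under ../covers/.
 *
 * Reads name, des, price and qty from $_POST and the file from $_FILES['cover'].
 * Always finishes by setting $_SESSION['msg'] and redirecting to index.php.
 */
function add() {
	global $DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME;

	// Refuse to modify data unless login() has marked this session as admin.
	if (empty($_SESSION['auth'])) {
		$_SESSION['msg'] = "Please log in first!";
		header("location: index.php");
		return;
	}

	// The upload's file name is supplied by the client. Storing it unchanged in
	// a web-served directory would let a script file be uploaded and requested,
	// so only image extensions are accepted and the stored name is rebuilt from
	// a restricted character set.
	// NOTE(review): an upload whose name matches an existing cover still
	// replaces that file.
	$cover = '';
	$upload = isset($_FILES['cover']) ? $_FILES['cover'] : null;
	if (is_array($upload) && isset($upload['error']) && !is_array($upload['error'])
			&& $upload['error'] !== UPLOAD_ERR_NO_FILE) {
		$original = basename((string) $upload['name']);
		$ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));

		if ($upload['error'] !== UPLOAD_ERR_OK
				|| !in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)
				|| getimagesize($upload['tmp_name']) === false) {
			$_SESSION['msg'] = "Cover must be a JPG, PNG or GIF image!";
			header("location: index.php");
			return;
		}

		// Replacing every other character also removes inner dots, so the
		// stored name ends in exactly one allowed extension.
		$base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($original, PATHINFO_FILENAME));
		$cover = ($base === '' ? 'cover' : $base) . '.' . $ext;

		if (!move_uploaded_file($upload['tmp_name'], "../covers/" . $cover)) {
			$_SESSION['msg'] = "Could not store the cover image!";
			header("location: index.php");
			return;
		}
	}

	$conn = mysql_connect($DB_HOST, $DB_USER, $DB_PASSWORD);
	if (!$conn || !mysql_select_db($DB_NAME, $conn)) {
		$_SESSION['msg'] = "Could not insert the Item!";
		header("location: index.php");
		return;
	}

	// Escape every posted value before it is placed inside the quoted SQL
	// literals; the original interpolated $_POST directly into the statement.
	// NOTE(review): ext/mysql was removed in PHP 7.0. Prepared statements via
	// mysqli or PDO are the durable fix, and mysql_real_escape_string() is only
	// reliable when the connection character set is configured correctly.
	$values = array();
	foreach (array('name', 'des', 'price', 'qty') as $field) {
		$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		$values[$field] = mysql_real_escape_string($raw, $conn);
	}

	$sql = sprintf(
		"INSERT INTO items (name, des, price, qty, cover) VALUES ('%s', '%s', '%s', '%s', '%s')",
		$values['name'],
		$values['des'],
		$values['price'],
		$values['qty'],
		mysql_real_escape_string($cover, $conn)
	);

	if (mysql_query($sql, $conn)) {
		$_SESSION['msg'] = "Successfylly inserted an Item!";
	} else {
		// Keep database error details in the server log instead of printing
		// them to the browser as die(mysql_error()) did.
		error_log("add(): " . mysql_error($conn));
		$_SESSION['msg'] = "Could not insert the Item!";
	}

	header("location: index.php");
}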

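/**
 * Deletes one row from `items`, selected by the `id` query parameter.
 *
 * Always finishes by setting $_SESSION['msg'] and redirecting to index.php.
 */
function delete() {
	global $DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME;

	// Refuse to modify data unless login() has marked this session as admin.
	if (empty($_SESSION['auth'])) {
		$_SESSION['msg'] = "Please log in first!";
		header("location: index.php");
		return;
	}

	// The id went into the SQL text unquoted, so it must be a plain positive
	// integer. Anything else is rejected before a connection is opened.
	// NOTE(review): this destructive action is reached through a GET request
	// and has no anti-CSRF token.
	$rawId = isset($_GET['id']) ? $_GET['id'] : '';
	if (!is_string($rawId) || !ctype_digit($rawId) || (int) $rawId < 1) {
		$_SESSION['msg'] = "Invalid item id!";
		header("location: index.php");
		return;
	}
	$id = (int) $rawId;

	$conn = mysql_connect($DB_HOST, $DB_USER, $DB_PASSWORD);
	if (!$conn || !mysql_select_db($DB_NAME, $conn)) {
		$_SESSION['msg'] = "Could not delete the Item!";
		header("location: index.php");
		return;
	}

	// NOTE(review): ext/mysql was removed in PHP 7.0; mysqli or PDO prepared
	// statements are the durable replacement.
	if (mysql_query("DELETE FROM items WHERE id=$id", $conn)) {
		$_SESSION['msg'] = "Successfylly deleted an Item!";
	} else {
		// The original reported success even when the query failed.
		error_log("delete(): " . mysql_error($conn));
		$_SESSION['msg'] = "Could not delete the Item!";
	}

	header("location: index.php");
}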
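/**
 * Deletes one row from `feedback`, selected by the `id` query parameter.
 *
 * Always finishes by setting $_SESSION['msg'] and redirecting to index.php.
 */
function fddelete() {
	global $DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME;

	// Refuse to modify data unless login() has marked this session as admin.
	if (empty($_SESSION['auth'])) {
		$_SESSION['msg'] = "Please log in first!";
		header("location: index.php");
		return;
	}

	// The id went into the SQL text unquoted, so it must be a plain positive
	// integer. Anything else is rejected before a connection is opened.
	// NOTE(review): this destructive action is reached through a GET request
	// and has no anti-CSRF token.
	$rawId = isset($_GET['id']) ? $_GET['id'] : '';
	if (!is_string($rawId) || !ctype_digit($rawId) || (int) $rawId < 1) {
		$_SESSION['msg'] = "Invalid feedback id!";
		header("location: index.php");
		return;
	}
	$id = (int) $rawId;

	// Use the configured connection settings like the other handlers. The
	// original declared these globals but connected as root with an empty
	// password to a database name written into the code.
	// NOTE(review): confirm the configured database is the one that holds the
	// `feedback` table.
	$conn = mysql_connect($DB_HOST, $DB_USER, $DB_PASSWORD);
	if (!$conn || !mysql_select_db($DB_NAME, $conn)) {
		$_SESSION['msg'] = "Could not delete the feedback!";
		header("location: index.php");
		return;
	}

	// NOTE(review): ext/mysql was removed in PHP 7.0; mysqli or PDO prepared
	// statements are the durable replacement.
	if (mysql_query("DELETE FROM feedback WHERE feedback_id=$id", $conn)) {
		$_SESSION['msg'] = "Successfylly deleted a feedback!";
	} else {
		// The original reported success even when the query failed.
		error_log("fddelete(): " . mysql_error($conn));
		$_SESSION['msg'] = "Could not delete the feedback!";
	}

	header("location: index.php");
}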

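/**
 * Updates one row of `items`, selected by the `id` query parameter, from the
 * posted form. The cover is replaced only when `changed_cover` is posted.
 *
 * Returns false without redirecting when the id is missing or not a positive
 * integer. Otherwise sets $_SESSION['msg'] and redirects to index.php.
 */
function update() {
	global $DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME;

	// Refuse to modify data unless login() has marked this session as admin.
	if (empty($_SESSION['auth'])) {
		$_SESSION['msg'] = "Please log in first!";
		header("location: index.php");
		return false;
	}

	// The id went into the SQL text unquoted, so it must be a plain positive
	// integer. The original returned false for a missing id; invalid ids now
	// take the same path.
	$rawId = isset($_GET['id']) ? $_GET['id'] : '';
	if (!is_string($rawId) || !ctype_digit($rawId) || (int) $rawId < 1) return false;
	$id = (int) $rawId;

	// null means "leave the cover column untouched".
	$cover = null;
	if (!empty($_POST['changed_cover'])) {
		// The upload's file name is supplied by the client. Storing it
		// unchanged in a web-served directory would let a script file be
		// uploaded and requested, so only image extensions are accepted and
		// the stored name is rebuilt from a restricted character set.
		// NOTE(review): an upload whose name matches an existing cover still
		// replaces that file.
		$upload = isset($_FILES['cover']) ? $_FILES['cover'] : null;
		$original = (is_array($upload) && isset($upload['name']) && is_string($upload['name']))
			? basename($upload['name']) : '';
		$ext = strtolower(pathinfo($original, PATHINFO_EXTENSION));

		if ($original === ''
				|| !isset($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK
				|| !in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)
				|| getimagesize($upload['tmp_name']) === false) {
			$_SESSION['msg'] = "Cover must be a JPG, PNG or GIF image!";
			header("location: index.php");
			return;
		}

		// Replacing every other character also removes inner dots, so the
		// stored name ends in exactly one allowed extension.
		$base = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($original, PATHINFO_FILENAME));
		$cover = ($base === '' ? 'cover' : $base) . '.' . $ext;

		if (!move_uploaded_file($upload['tmp_name'], "../covers/" . $cover)) {
			$_SESSION['msg'] = "Could not store the cover image!";
			header("location: index.php");
			return;
		}
	}

	$conn = mysql_connect($DB_HOST, $DB_USER, $DB_PASSWORD);
	if (!$conn || !mysql_select_db($DB_NAME, $conn)) {
		$_SESSION['msg'] = "Could not update the Item!";
		header("location: index.php");
		return;
	}

	// Escape every posted value before it is placed inside the quoted SQL
	// literals; the original interpolated $_POST directly into the statement.
	// NOTE(review): ext/mysql was removed in PHP 7.0. Prepared statements via
	// mysqli or PDO are the durable fix, and mysql_real_escape_string() is only
	// reliable when the connection character set is configured correctly.
	$assignments = array();
	foreach (array('name', 'des', 'price', 'qty') as $field) {
		$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		$assignments[] = $field . "='" . mysql_real_escape_string($raw, $conn) . "'";
	}
	if ($cover !== null) {
		$assignments[] = "cover='" . mysql_real_escape_string($cover, $conn) . "'";
	}

	$sql = "UPDATE items SET " . implode(", ", $assignments) . " WHERE id=$id";

	if (mysql_query($sql, $conn)) {
		$_SESSION['msg'] = "Successfylly updated an Item!";
	} else {
		// The original reported success even when the query failed.
		error_log("update(): " . mysql_error($conn));
		$_SESSION['msg'] = "Could not update the Item!";
	}

	header("location: index.php");
}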
?>
